v0.0.1 · system status
Open API · OpenAPI 3.1 · Zero token storage

Provider preset

Fetch a starter policy template for a known IdP or CI provider.

GET /v1/presets/{provider}

Returns a VerifyPolicy template prefilled with the canonical issuer URL, recommended algorithms, suggested required claims, and reasonable defaults for a known provider. Use this to bootstrap a policy file rather than typing values from your IdP’s docs.

Templates are starting points

Presets express what JWTShield knows about each provider; they do not know your audience values, your custom required claims, or your client secret. Fill those in before validating real tokens.

Request

path
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| provider | string | yes | One of: auth0, okta, cognito, github_actions, gitlab. |

No request body. No authentication required.

Response — 200

body — application/json
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| provider | string | yes | Echoes the path parameter. |
| issuer | string | yes | Canonical issuer URL for the provider. |
| policy | VerifyPolicy | yes | Prefilled policy template. See fields below. |
| notes | string | no | Setup hints specific to this provider (when present). |

The returned policy object has the same fields as documented in VerifyPolicy. Common preset values:

200 GitHub Actions preset
{
  "provider": "github_actions",
  "issuer": "https://token.actions.githubusercontent.com",
  "policy": {
    "allowed_algs": [
      "RS256"
    ],
    "audiences": [],
    "required_claims": [
      "repository",
      "ref",
      "sub"
    ],
    "clock_skew_seconds": 60,
    "secret": null,
    "public_key": null
  },
  "notes": "Audience is caller-defined; configure with permissions: id-token: write and request audience=api://your-service."
}

Errors

| Status | Cause |
| --- | --- |
| 404 | provider is not a recognised name. The 404 body lists supported values. |

Example

curl -sSf -H "Authorization: Bearer $JWTSHIELD_KEY" "$JWTSHIELD_URL/v1/presets/github_actions"
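
An added example (not JWTShield's own code) of the fill-in step described under "Templates are starting points": it completes the GitHub Actions preset shown above and refuses to return a policy that still has gaps. The function names are hypothetical, and treating `secret` as the HMAC key for HS* algorithms is an assumption.

```python
import copy

# Response body copied from the GitHub Actions preset shown on this page.
GITHUB_ACTIONS_PRESET = {
    "provider": "github_actions",
    "issuer": "https://token.actions.githubusercontent.com",
    "policy": {
        "allowed_algs": ["RS256"],
        "audiences": [],
        "required_claims": ["repository", "ref", "sub"],
        "clock_skew_seconds": 60,
        "secret": None,
        "public_key": None,
    },
}

def finalize_policy(preset, audiences, extra_required_claims=()):
    """Return a copy of the preset's policy with caller-specific values filled in."""
    policy = copy.deepcopy(preset["policy"])
    policy["audiences"] = list(audiences)
    for claim in extra_required_claims:
        if claim not in policy["required_claims"]:
            policy["required_claims"].append(claim)
    return policy

def lint_policy(policy):
    """List the reasons a policy is not ready to validate real tokens."""
    findings = []
    algs = policy.get("allowed_algs") or []
    if not algs:
        findings.append("allowed_algs is empty")
    if any(a.lower() == "none" for a in algs):
        findings.append("allowed_algs permits unsigned tokens")
    if not policy.get("audiences"):
        findings.append("audiences is empty: set your own audience value")
    # Assumption: `secret` is the HMAC key used for HS* algorithms.
    if any(a.upper().startswith("HS") for a in algs) and not policy.get("secret"):
        findings.append("HS* algorithm allowed but secret is not set")
    return findings

def ready_policy(preset, audiences, extra_required_claims=()):
    """Finalize a preset and refuse to hand back a policy that still has gaps."""
    policy = finalize_policy(preset, audiences, extra_required_claims)
    findings = lint_policy(policy)
    if findings:
        raise ValueError("; ".join(findings))
    return policy
```

Running `lint_policy` on the untouched preset reports the empty `audiences` list, which is the value the preset cannot know for you.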